Fedora Update Notification
2021-10-28 19:30:48.377092

Name        : java-11-openjdk
Product     : Fedora 33
Version     :
Release     : 1.fc33
URL         : https://openjdk.java.net/
Summary     : OpenJDK 11 Runtime Environment
Description :
The OpenJDK 11 runtime environment.

Update Information:

# New in release OpenJDK 11.0.13 (2021-10-19):  Live versions of these release
notes can be found at:  * https://bitly.com/openjdk11013 *
https://builds.shipilev.net/backports-monitor/release-notes-11.0.13.txt  ##
Security fixes   - JDK-8163326, CVE-2021-35550: Update the default enabled
cipher suites preference   - JDK-8254967, CVE-2021-35565:
com.sun.net.HttpsServer spins on TLS session close   - JDK-8263314: Enhance XML
Dsig modes   - JDK-8265167, CVE-2021-35556: Richer Text Editors   - JDK-8265574:
Improve handling of sheets   - JDK-8265580, CVE-2021-35559: Enhanced style for
RTF kit   - JDK-8265776: Improve Stream handling for SSL   - JDK-8266097,
CVE-2021-35561: Better hashing support   - JDK-8266103: Better specified spec
values   - JDK-8266109: More Resilient Classloading   - JDK-8266115: More
Manifest Jar Loading   - JDK-8266137, CVE-2021-35564: Improve Keystore integrity
- JDK-8266689, CVE-2021-35567: More Constrained Delegation   - JDK-8267086:
ArrayIndexOutOfBoundsException in java.security.KeyFactory.generatePublic   -
JDK-8267712: Better LDAP reference processing   - JDK-8267729, CVE-2021-35578:
Improve TLS client handshaking   - JDK-8267735, CVE-2021-35586: Better BMP
support   - JDK-8268193: Improve requests of certificates   - JDK-8268199:
Correct certificate requests   - JDK-8268205: Enhance DTLS client handshake   -
JDK-8268506: More Manifest Digests   - JDK-8269618, CVE-2021-35603: Better
session identification   - JDK-8269624: Enhance method selection support   -
JDK-8270398: Enhance canonicalization   - JDK-8270404: Better canonicalization
## Major Changes *
[JDK-8271434](https://bugs.openjdk.java.net/browse/JDK-8271434): Removed
IdenTrust Root Certificate *
[JDK-8261922](https://bugs.openjdk.java.net/browse/JDK-8261922): Updated keytool
to Create AKID From SKID of Issuing Certificate as Specified by RFC 5280 *
[JDK-8210799](https://bugs.openjdk.java.net/browse/JDK-8210799): ChaCha20 and
Poly1305 TLS Cipher Suites *
[JDK-8219551](https://bugs.openjdk.java.net/browse/JDK-8219551): Updated the
Default Enabled Cipher Suites Preference  ## FIPS Mode Changes - The `SunPKCS11`
provider in FIPS mode will now eagerly login to the NSS software token on
initialisation - `keytool` in FIPS mode now supports importing plain private
keys by the provider adding them to the NSS database. This can be disabled using

* Wed Oct 13 2021 Andrew Hughes  - 1:
- Update to jdk-
- Update release notes to
- Update tarball generation script to use git following OpenJDK 11u's move to github
- Remove "-clean" suffix as no 11.0.13 builds are unclean.
- Drop JDK-8269668 patch which is now applied upstream.
- Extend the default security policy to accomodate PKCS11 accessing jdk.internal.misc.
- Allow plain key import to be disabled with -Dcom.redhat.fips.plainKeySupport=false
- Restructure the build so a minimal initial build is then used for the final build (with docs)
- This reduces pressure on the system JDK and ensures the JDK being built can do a full build
* Tue Oct  5 2021 Martin Balao  - 1:
- Add patch to login to the NSS software token when in FIPS mode.
- Add patch to allow plain key import.
* Thu Sep  2 2021 Jiri Vanek  - 1:
- Added posttrans hook which persist sanity of dir->symlink change in case of update from ancient versions
- Minor cosmetic improvements to make spec more comparable between variants

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2021-9a51a6f8b1' at the command
line. For more information, refer to the dnf documentation available at

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
package-announce mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/[email protected]
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure